$SSH Into Your Arch Linux Machine From Anywhere Using Tailscale
A step-by-step guide to setting up SSH access from a MacBook to an Arch Linux (Omarchy) desktop, with Tailscale for secure remote access from any network — no port forwarding required.
I recently set up remote SSH access from my MacBook to my Arch Linux desktop (running Omarchy) — first over LAN, then from anywhere using Tailscale. If you've got a similar two-machine setup and want seamless terminal access without exposing ports to the public internet, this is a clean way to do it.
Here's exactly how I got it working.
The Setup
- Remote machine: Omarchy (Arch Linux)
- Local machine: MacBook (macOS)
- Connection type: Tailscale private network — secure access from any Wi-Fi, no port forwarding needed
1. Install and Enable SSH on Omarchy
First, make sure openssh is installed and the SSH daemon is running:
sudo pacman -Syu openssh
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl status sshd
If status shows active (running), you're good to go.
2. Find Your Local IP (For LAN Access)
If both machines are on the same Wi-Fi network, you can connect over your local IP:
ip addr show
Look for something like inet 192.168.1.105/24 under your active network interface. Then from your Mac:
ssh parish@192.168.1.105
This works great at home — but the moment you switch to a different network (a café, office, or your phone's hotspot), the local IP becomes useless. That's where Tailscale comes in.
3. Set Up Tailscale for Anywhere Access
Tailscale creates a private mesh network between your devices using WireGuard under the hood. Each device gets a stable IP that works regardless of what Wi-Fi you're on.
On Omarchy:
curl -fsSL https://tailscale.com/install.sh | sh
sudo systemctl enable tailscaled
sudo systemctl start tailscaled
sudo tailscale up
This will give you a login URL — open it in a browser and authenticate with your Tailscale account.
On MacBook:
Download the app from tailscale.com/download and sign in with the same account.
Get Your Tailscale IP:
tailscale status
You'll see something like:
100.70.154.61 omarchy linux active
Now from your Mac, no matter where you are:
ssh parish@100.70.154.61
That's it. No port forwarding, no dynamic DNS, no firewall rules.
4. Fix Password Login or Set Up Key-Based Auth
If Password Login Fails
Check your SSH config on Omarchy:
sudo nano /etc/ssh/sshd_config
Make sure these lines are present and uncommented:
PasswordAuthentication yes
PermitRootLogin no
Then restart the daemon:
sudo systemctl restart sshd
Key-Based Authentication (Recommended)
Password auth works, but key-based login is both more secure and more convenient. On your Mac:
ssh-keygen -t ed25519 -C "macbook"
Copy the public key to Omarchy:
ssh-copy-id parish@100.70.154.61
Now you can connect without typing a password:
ssh parish@100.70.154.61
Once key-based auth is confirmed working, you can go back and set PasswordAuthentication no in your sshd_config for extra security.
5. Useful SSH Commands
Here's a quick reference I keep coming back to:
| Action | Command |
|---|---|
| Connect to Omarchy | ssh parish@100.70.154.61 |
| Disconnect | exit or Ctrl + D |
| Force-disconnect a stuck session | Enter, then type ~. |
| Check who's logged in | who or w |
| Restart SSH service | sudo systemctl restart sshd |
| Check SSH service status | sudo systemctl status sshd |
| View Tailscale peers | tailscale status |
| Check your Tailscale IP | tailscale ip |
6. SSH Config Shortcut on Mac
Typing the full IP every time gets old. Add a shortcut:
nano ~/.ssh/config
Add this block:
Host omarchy
HostName 100.70.154.61
User parish
Now connecting is just:
ssh omarchy
Clean and fast.
7. Troubleshooting Quick Fixes
A few things that tripped me up:
| Problem | Fix |
|---|---|
apt: command not found | Omarchy is Arch-based — use pacman, not apt |
failed to connect to local tailscaled | Run sudo systemctl restart tailscaled |
Permission denied | Double-check your username and ensure PasswordAuthentication yes is set |
| Can't connect from a new Wi-Fi | Use Tailscale IP, not your local IP — local IPs don't work across networks |
Why This Setup Works Well
The combination of SSH + Tailscale is simple but powerful. You get encrypted remote access to your machine from literally anywhere — no VPN subscription, no complicated router config, no public-facing SSH port. Tailscale's free tier is more than enough for personal use, and the connection is fast enough that it feels like you're sitting in front of the machine.
If you're running any kind of home dev server or just want to hop into your desktop terminal from a laptop, this is the setup to use.